When you access another person’s data nowadays, what you do with it is your responsibility. That means if you download a student’s assignment to your laptop so you can mark it, you can’t store it in your Google Drive — that’s not your right. An assignment is considered private information, and it shouldn’t be taken “off University property” — meaning the information can’t be posted online (like in the cloud), or stored outside of Canada (cloud servers are scattered around the world). “The main focus of why we are concerned about this is because of FIPPA, which is the Freedom of Information and Protection of Privacy legislation in BC,” says Edmund Seow, LFS computer systems manager.
Here is a quick guide to information privacy at LFS, and for UBC as a whole.
- If you haven’t already completed Privacy Matters, you must do so. As a student, faculty or staff member, you are responsible for other people’s information. Step up, and take that responsibility seriously.
- Take your devices to the LFS Learning Centre to have them encrypted. What this means is that any data in the hard drive is encoded using a special key. That way, if your hard drive is removed from your device and plugged into another computer, it’s impossible to read — the key is necessary to unencrypt the information.“The machine will call back several times a day to update what the encryption status is,” says Seow. “As long as it says it’s still encrypted, we have reasonable confidence that nobody can access the data.”
- Create a strong password for your CWL (the system will guide you in this). Seow recommends that you memorize it, since it’s your own personal key to nearly all campus services and systems.Don’t write your password down. If you want to use a password keeper, you can try LastPass or KeePass.If you forget your password or otherwise become locked out of your device, UBC keeps your encryption key in escrow, and can still unencrypt it.
- For graduate students in teaching assistant roles, you are transitioning to being University employees. It’s important to not have any kind of information stored on your personal device if it hasn’t been properly encrypted. Let’s say, for example, you’re downloading a class list, or an assignment for grading. If you misplace your device or have it stolen and if it hasn’t been encrypted, that information is at risk. If data is lost, that must be reported to UBC’s privacy commissioner. From there it cycles up the chain to the BC government, to report on how many records were lost, and what type. The University then has to contact all of the students whose information were potentially lost — or stolen.It’s not really grades themselves that are the concern. It’s the identifiable information: things like first name, last name, email addresses, student numbers or login IDs. “There are a lot of legal ramifications for losing data,” says Seow. “It’s the reputation of the University partly, but it’s also about protecting the privacy of the students.”
- Use your UBC email address for UBC-related business. This ensures the information is stored locally, not in the cloud, where it’s vulnerable. Take care not to forward private information in emails, too.
- Don’t want to encrypt your personal device? That’s fine. But then it’s your responsibility to do all your grading inside Canvas, and conduct your UBC-related work on a computer that’s owned by UBC.
Got questions? We’ve got answers. Drop us a line or pop by for a chat.